Accepted systemd 241-1~bpo9+1 (source) into stretch-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 06 Mar 2019 08:55:28 +0100
Source: systemd
Architecture: source
Version: 241-1~bpo9+1
Distribution: stretch-backports
Urgency: high
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Closes: 743217 825949 826214 887250 903011 903288 909396 914285 915049 915095 915261 915407 916516 916678 917124 917167 917195 917215 917607 917633 917948 918190 918658 918764 918841 918848 918927 919206 919390 920018
Changes:
systemd (241-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports
.
systemd (241-1) unstable; urgency=medium
.
[ Adam Borowski ]
* Make libpam-systemd Provide: logind, default-logind.
This allows alternate logind implementations such as elogind, without
having to recompile every dependant package -- as long as the client API
remains compatible.
These new virtual packages got policy-approved in #917431. (Closes: #915407)
.
[ Felipe Sateler ]
* New upstream version 241
- Refresh patches
- Backport upstream fix for Driver= matches in .network files
.
[ Martin Pitt ]
* debian/libsystemd0.symbols: Add new symbol from release 241
* Fix various bugs and races in networkd tests.
This should get the autopkgtest back to green, which regressed with
dnsmasq 2.80.
.
systemd (240-6) unstable; urgency=high
.
* High urgency as this fixes a vulnerability.
.
[ Felipe Sateler ]
* Reenable pristine-tar in gbp.conf.
The pristine-tar bug has been fixed, so we can use it again.
This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
* d/watch: add version mangle to transform -rc to ~rc.
Upstream has started releasing rcs, so let's account for that
* Fix comment about why we disable hwclock.service.
Systemd nowadays doesn't do it itself because the kernel does it on its
own when necessary, and when not, it is not safe to save the hwclock (eg,
there is no certainty the system clock
is correct)
* udev: Backport upstream preventing mass killings when not running under
systemd (Closes: #918764)
.
[ Dimitri John Ledkov ]
* debian/tests/storage: improve cleanups.
On fast ppc64el machines, cryptsetup start job may not complete by the
time tearDown is executed. In that case stop, causes to simply cancel the
start job without actually cleaning up the dmsetup node. This leads to
failing subsequent test as it no longer starts with a clean device. Thus
ensure the systemd-cryptsetup unit is started, before stopping it.
Also rmmod scsi_debug module at the end, to allow re-running the test in a
loop.
* debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
* debian/tests/control: add socat to upstream tests for pull #11591
* Blacklist TEST-10-ISSUE-2467 #11706
* debian/tests/storage: fix for LUKS2 and avoid interactive password
prompts.
.
[ Martin Pitt ]
* udevadm: Fix segfault with subsystem-match containing '/'
(Closes: #919206)
* sd-bus: if we receive an invalid dbus message, ignore and proceed
* sd-bus: enforce a size limit on D-Bus object paths.
This avoids accessing/modifying memory outside of the allocated stack
region by sending specially crafted D-Bus messages with very large object
paths.
Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>,
patch provided by Riccardo Schirone <rschiron@redhat.com>.
(CVE-2019-6454)
.
systemd (240-5) unstable; urgency=medium
.
[ Felipe Sateler ]
* Revert interface renaming changes. (Closes: #919390)
.
[ Martin Pitt ]
* process-util: Fix memory leak (Closes: #920018)
.
systemd (240-4) unstable; urgency=medium
.
[ Benjamin Drung ]
* Fix shellcheck issues in initramfs-tools scripts
.
[ Michael Biebl ]
* Import patches from v240-stable branch (up to f02b5472c6)
- Fixes a problem in logind closing the controlling terminal when using
startx. (Closes: #918927)
- Fixes various journald vulnerabilities via attacker controlled alloca.
(CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
* sd-device-monitor: Fix ordering of setting buffer size.
Fixes an issue with uevents not being processed properly during coldplug
stage and some kernel modules not being loaded via "udevadm trigger".
(Closes: #917607)
* meson: Stop setting -fPIE globally.
Setting -fPIE globally can lead to miscompilations on certain
architectures. Instead use the b_pie=true build option, which was
introduced in meson 0.49. Bump the Build-Depends accordingly.
(Closes: #909396)
.
systemd (240-3) unstable; urgency=medium
.
* udev.init: Trigger add events for subsystems.
Update the SysV init script and mimic the behaviour of the initramfs and
systemd-udev-trigger.service which first trigger subsystems and then
devices during the coldplug stage.
* udevadm: Refuse to run trigger, control, settle and monitor commands in
chroot (Closes: #917633)
* network: Set link state configuring before setting addresses.
Fixes a crash in systemd-networkd caused by an assertion failure.
(Closes: #918658)
* libudev-util: Make util_replace_whitespace() read only len characters.
Fixes a regression where /dev/disk/by-id/ names had additional
underscores.
* man: Update color of journal logs in DEBUG level (Closes: #917948)
* Remove old state directory of systemd-timesyncd on upgrades.
Otherwise timesyncd will fail to update the clock file if it was created
as /var/lib/private/systemd/timesync/clock.
This was the case when the service was using DynamicUser=yes which it no
longer does in v240. (Closes: #918190)
.
systemd (240-2) unstable; urgency=medium
.
* Pass separate dev_t var to device_path_parse_major_minor.
Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
* test-json: Check absolute and relative difference in floating point test.
Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
(Closes: #917215)
* sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
Fixes a segfault in systemd-udevd when debug logging is enabled.
* udev-event: Do not read stdout or stderr if the pipefd is not created.
This fixes problems with device-mapper symlinks no longer being created
or certain devices not being marked as ready. (Closes: #917124)
* Don't bump fs.nr_open in PID 1.
In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
value. Processes that are spawned directly by systemd, will have
RLIMIT_NOFILE be set to 512K (hard).
pam_limits in Debian defaults to "set_all", i.e. for limits which are
not explicitly configured in /etc/security/limits.conf, the value from
PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
the highest possible value instead of 512K. Not every software is able
to deal with such an RLIMIT_NOFILE properly.
While this is arguably a questionable default in Debian's pam_limit,
work around this problem by not bumping fs.nr_open in PID 1.
(Closes: #917167)
.
systemd (240-1) unstable; urgency=medium
.
[ Michael Biebl ]
* New upstream version 240
- core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
(Closes: #903011)
- machined: Rework referencing of machine scopes from machined
(Closes: #903288)
- timesync: Fix serialization of IP address
(Closes: #916516)
- core: Don't track jobs-finishing-during-reload explicitly
(Closes: #916678)
* Rebase patches
* Install new systemd-id128 binary
* Update symbols file for libsystemd0
* Update nss build options
.
[ Martin Pitt ]
* tests: Disable some flaky upstream tests.
See https://github.com/systemd/systemd/issues/11195
* tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
See https://github.com/systemd/systemd/issues/11195
.
systemd (239-15) unstable; urgency=medium
.
[ Felipe Sateler ]
* Fix container check in udev init script.
Udev needs writable /sys, so the init script tried to check before
starting. Unfortunately, the check was inverted. Let's add the missing
'!' to negate the check.
(Closes: #915261)
* Add myself to uploaders
.
[ Michael Biebl ]
* Remove obsolete systemd-shim conffile on upgrades.
The D-Bus policy file was dropped from the systemd-shim package in
version 8-4, but apparently there are cases where users removed the
package before that cleanup happened. The D-Bus policy file that was
shipped by systemd-shim was much more restrictive and now prevents
calling GetDynamicUsers() and other recent APIs on systemd Manager.
(Closes: #914285)
.
systemd (239-14) unstable; urgency=medium
.
[ Michael Biebl ]
* autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
* resolved: Increase size of TCP stub replies (Closes: #915049)
* meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
Fixes a build failure with glibc 2.28.
* Drop procps dependency from systemd.
The systemd-exit.service user service no longer uses the "kill" binary.
* Simplify container check in udev SysV init script.
Instead of using "ps" to detect a container environment, simply test if
/sys is writable. This matches what's used in systemd-udevd.service via
ConditionPathIsReadWrite=/sys and follows
https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
This means we no longer need procps, so drop that dependency from the
udev package. (Closes: #915095)
.
[ Mert Dirik ]
* 40-systemd: Honour __init_d_script_name.
Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
(if available) to figure out real script name. (Closes: #826214)
* 40-systemd: Improve heuristics for init-d-script.
Improve heuristics for scripts run via init-d-script so that the
redirection works even for older init-d-script versions without the
__init_d_script_name variable.
.
systemd (239-13) unstable; urgency=medium
.
* autopktest: Add e2fsprogs dependency to upstream test.
Some of the upstream tests require mkfs.ext4. (Closes: #887250)
* systemctl: Tell update-rc.d to skip creating any systemd symlinks.
When calling update-rc.d via systemd-sysv-install, tell it to skip
creating any systemd symlinks as we want to handle those directly in
systemctl. Older update-rc.d versions will ignore that request, but
that's ok. This means we don't need a versioned dependency against
init-system-helpers. (Closes: #743217)
* pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
(Closes: #825949)
* Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
The patch is no longer necessary as lxc.service now uses Delegate=yes.
* Remove obsolete Replaces from pre-jessie
Checksums-Sha1:
c1b9b144f935051be11d34abe7f1f0076efe16c8 4909 systemd_241-1~bpo9+1.dsc
0fd58cad751f1f210d229b79a9b78b8deddf0532 146236 systemd_241-1~bpo9+1.debian.tar.xz
b05cc9a34f8da6ac535ba48fb9b21d5738aff1e2 9026 systemd_241-1~bpo9+1_source.buildinfo
Checksums-Sha256:
b1097ba5c99a4355e5ab3c044d7d82ac480b77dce9dfb7f59862608e048a0e9a 4909 systemd_241-1~bpo9+1.dsc
057e1ec0a62ebd415c44287eb679b8c35c7093ea573ddaf843c3cfbc1626673a 146236 systemd_241-1~bpo9+1.debian.tar.xz
9a127cc757517e290b5225779bf84d4d4e86bb1684be5ddb17658764b3bff1f0 9026 systemd_241-1~bpo9+1_source.buildinfo
Files:
8950d98736e28cf4d31de7ac164c06f5 4909 admin optional systemd_241-1~bpo9+1.dsc
ba3de90ac27bcb00915ad7238f8a2309 146236 admin optional systemd_241-1~bpo9+1.debian.tar.xz
9098ef70f88c03c948065aca4ccd4b12 9026 admin optional systemd_241-1~bpo9+1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAlx/g4EACgkQauHfDWCP
ItyWsg//fremrpYTLUyb+btQUs6BYGOQnJ+poSwYAqPb+oMKIGEKr8yzSp74JPAa
i7FBaMITlruAiwM1T3GiOkVtHhxypG8e3qr0oW1ez7OT3djWD5n8PKy4I/b6N8qN
2T5e9R+9mFhzSEwIqTs0SPb5i6zEMtx8MI+ZZZkTTuPWQln0GXr2yCuT7Gi3+m5M
XyIigYsUpUrhjH8XMy90zf+xhQIVjahD/jEdcT6o4eX8f1sztgpP2iiuKHxHObJf
7yE1YdOEECg2LWr3evoWcwwd0YfAodkZ4yAUUkhzmBN1IiOLJ/aQE8Z7Y64dmPjy
6W8xj8bGXBNVmBVcxFG+oj5334Svv6xI8BgeC8R/JEBlnc4v67W7nl+hNOKfTytY
EIYOmH5h4mhSsnjlgjiY2DGYBC/B0RBrBQvoF5rrRx3ERBqu6zukNVslL6NjSKi5
YQd31lkJBwt6FnUYdPWEahFHf1tZeolxz16/qPKmcEuZVZfYyibTlDOFjDXOewjd
egQyKxDUQnXtPeMrTlpInSIVibHR/lSYnRnElMJ8mA3x0x5ChI/ZKK+UHLgLDa7c
HabczaNgKsrbsgDlcC3wX7BpPmQFYwGpJp5f2dfGu96aeAEVtm78IXBfmlgp/zcP
0RWUiY01ziLn3GAXWavhFwXQBvp9Db/AhEaK3K0ZZC7n3F5trD4=
=WT6k
-----END PGP SIGNATURE-----
Reply to: